为我的程序文件夹的所有用户设置写入权限
我已经在 Visual Studio 中构建了一个程序。该程序创建一个日志文件并在程序运行时写入其中。因此,我构建了一个安装程序(安装项目),它应该为我的程序文件夹设置写入权限,无论哪个用户使用该程序。 目前它看起来像这样:
// ...
}
InitializeComponent();
string folder = Directory.GetCurrentDirectory();
DirectorySecurity ds = Directory.GetAccessControl(folder);
ds.AddAccessRule(new FileSystemAccessRule("Everyone", //Everyone is important
//because rights for all users!
FileSystemRights.Read | FileSystemRights.Write, AccessControlType.Allow));
}
// ...
在最后两行中,我得到一个 System.SystemException:“Die Vertrauensstellung zwischen der primären Domäne und der vertrauenswürdigen Domäne konnte nicht hergestellt werden。
”无法建立主域和受信任域。"]
堆栈跟踪如下所示:
bei System.Security.Principal.NTAccount.TranslateToSids(IdentityReferenceCollection sourceAccounts, Boolean& someFailed)
bei System.Security.Principal.NTAccount.Translate(IdentityReferenceCollection sourceAccounts, Type targetType, Boolean& someFailed)
bei System.Security.Principal.NTAccount.Translate(IdentityReferenceCollection sourceAccounts, Type targetType, Boolean forceSuccess)
bei System.Security.Principal.NTAccount.Translate(Type targetType)
bei System.Security.AccessControl.CommonObjectSecurity.ModifyAccess(AccessControlModification modification, AccessRule rule, Boolean& modified)
bei System.Security.AccessControl.CommonObjectSecurity.AddAccessRule(AccessRule rule)
bei System.Security.AccessControl.FileSystemSecurity.AddAccessRule(FileSystemAccessRule rule)
你知道我能做什么吗? 谢谢
I have build a program in Visual Studio. The program creates a logfile and writes into it while the program is running. Therefore I constructed an installer (setup-project), that should set write permissions for my program-folder regardless which user works with the program.
currently it looks like this:
// ...
}
InitializeComponent();
string folder = Directory.GetCurrentDirectory();
DirectorySecurity ds = Directory.GetAccessControl(folder);
ds.AddAccessRule(new FileSystemAccessRule("Everyone", //Everyone is important
//because rights for all users!
FileSystemRights.Read | FileSystemRights.Write, AccessControlType.Allow));
}
// ...
In the last two rows I get a System.SystemException: “Die Vertrauensstellung zwischen der primären Domäne und der vertrauenswürdigen Domäne konnte nicht hergestellt werden.“
[Translation: "The trust relationship between the primary domain and the trusted domain could not be established."]
The stacktrace reads like this:
bei System.Security.Principal.NTAccount.TranslateToSids(IdentityReferenceCollection sourceAccounts, Boolean& someFailed)
bei System.Security.Principal.NTAccount.Translate(IdentityReferenceCollection sourceAccounts, Type targetType, Boolean& someFailed)
bei System.Security.Principal.NTAccount.Translate(IdentityReferenceCollection sourceAccounts, Type targetType, Boolean forceSuccess)
bei System.Security.Principal.NTAccount.Translate(Type targetType)
bei System.Security.AccessControl.CommonObjectSecurity.ModifyAccess(AccessControlModification modification, AccessRule rule, Boolean& modified)
bei System.Security.AccessControl.CommonObjectSecurity.AddAccessRule(AccessRule rule)
bei System.Security.AccessControl.FileSystemSecurity.AddAccessRule(FileSystemAccessRule rule)
Have you an idea what I can do?
thanks
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(3)
也许最好的答案并不是你所要求的。不写入程序文件目录是有充分理由的。日志数据尤其是瞬态的,不应该写在这里。
将日志数据写入 TEMP 环境变量指定的目录是一个更好的主意。如果您这样做,您将为您的用户省去一些麻烦,并防止他们将来咒骂您的软件。请查看涵盖同一主题的答案:
允许在Windows 7的程序文件中写入的访问权限
Perhaps the best answer isn't what you've asked for. There's a good reason for not writing to the program files directory. Log data in particular is transient and shouldn't be written here.
It's a much better idea to write log data to the directory specified by the TEMP environment variable. If you do this you'll save your users a few troubles and prevent them cursing your software in the future. Please check out this answer which covers the same topic:
Allow access permission to write in Program Files of Windows 7
您是否错过了实际将访问控制设置回目录的语句?
Aren't you missing the statement where you actually set the access control back to the directory?
这个之前提出的问题应该会为您指明正确的方向。基本上,您不希望任何用户写入
Program Files文件夹。 UAC、安全和其他措施可以尽可能地防止这种情况发生。本质上,如果您想要一个由所有用户写入的文件,您将需要将其放在
ProgramData文件夹中,通过%ALLUSERSPROFILE%访问,而不是通过个人用户的临时文件夹,这绝对是您想要对日志文件执行的操作。请记住,临时文件夹的内容应被视为易失性的,并且可以随时删除,例如通过磁盘清理向导删除。This previously asked question should point you in the right direction. Basically, you do NOT want any user writing to the
Program Filesfolder. UAC, security and other measures are there to try and prevent this as much as possible.Essentially, if you want a single file which will be written to by all users, you will want it in the
ProgramDatafolder, accessible through the%ALLUSERSPROFILE%, rather than the individual users' temporary folder, which is definitely what you want to do with a log file. Remember that the temporary folder's content should be considered volatile, and could be deleted at any time, such as by the Disk Cleanup Wizard.